OK, progress:
The big key here was recognizing that saving the CORS settings in the System Console didn’t actually lock them in—I had to SSH into the server and manually restart it. (Is there any way to do that from the System Console GUI?)
From there I was able to log in successfully using both fetch() and Client4. With Client4 I’m still stuck because a subsequent getMe() call fails with error, Invalid or expired session, please login again. Is it possible the token isn’t getting stored after the login call? I don’t see anything in the code to suggest it is.
Here are the CORS settings that have enabled the above progress:
- Enable cross-origin requests from:
*or my actual serverhttp://localhost:3000 - CORS Exposed Headers:
Token - CORS Allow Credentials:
true - CORS Debug:
truebut probably doesn’t matter